• Consider deploying encryption solutions if there are data residency concerns for data crossing borders.
• Review the management and access rights to the data.
• Ensure that privileged users in cloud services providers are not granted access. To meet national and cross-border compliance issues, enterprises should also consider restricting data export and user access on a country-by-country basis.
• Manage the keys locally to comply with local privacy requirements. Any legal requests via host nations or through bilateral agreements must then be made directly through the enterprise.
• Ensure that the selected vendor encryption products can provide the level of security, and operate in the different storage environments and locations as required.
• Realize that, if encryption export/import restrictions apply, then simply storing the encrypted data in the restrictive jurisdictions may still be possible if no encryption technologies are also present.
• Use a documented key revocation and destruction process. In that way, an enterprise can show that data in the cloud has been “digitally shredded,” even if confirmation of physical destruction is not possible.